Information security and data protection

With SAML 2.0-based single sign-on (SSO), we allow our customers to access our service through an identity provider (IDP) of their choice. Our platform has strict requirements for password complexity and uses two-factor authentication (2FA) to provide an extra layer of security.

Our servers are hosted at state-of-the-art data center parks that provide excellent and environmentally friendly infrastructure. These data centers meet strict safety requirements and hold certifications such as ISO/IEC 27001. Our cloud hosting provider is also certified for various security and privacy standards, including ISO 27001, ISO 27017, ISO 27018, SOC1, SOC2, and SOC3.

Our hosting provider's automated DDoS protection system recognizes almost all attack patterns in advance, allowing it to block attacks and thwart most of them effectively. It uses the latest hardware appliances and sophisticated perimeter security technologies, providing first-rate protection against large-scale DDoS attacks.

We have established policies and procedures for responding to potential security incidents. Our dedicated incident response team manages all security incidents. In the event of an incident, affected customers will be informed and quickly updated by our support team while our teams fix the issue. In addition, the operational status of our platform components is always available for our customers under https://status.productsup.io/.

Fulfilling our data privacy and security commitments is essential to us. Therefore, we have ensured that our processes, data processing agreements (DPAs), and other protections in place comply with GDPR requirements. Our compliance with GDPR requirements is regularly audited through our external DPO Nils Möllers (Keyed GmbH).

To ensure the safety of our customers' data, we perform incremental backups every hour and full backups every day, storing them both on- and off-site. We test our data restoration procedure regularly. If needed, we can smoothly switch to another infrastructure region, as core components are redundantly deployed across two geographically separated hosting locations.

At Productsup, security is managed throughout every stage of our software development lifecycle (SDLC). This involves the application of development procedures and secure coding principles, consideration of OWASP Top 10 vulnerabilities, and fully automated code reviews with strict quality gates, among others.

Productsup uses advanced network and web application vulnerability scanners to identify vulnerabilities and potential security threats. Identified vulnerabilities are assessed by our development and infrastructure operations team and remediated subsequently. In addition, we regularly undergo external security assessments through independent third parties.

Our service uses HTTPS with modern TLS (1.2) implementations only and strong ciphers to encrypt all data while in transit. For sensitive data at rest, column-level encryption is applied (AES256), and user credentials are salted and hashed.

Exporting data to third parties

A necessary aspect of feed management is sending product feeds to data to external channels such as Google, Facebook, Amazon, and hundreds more. The method of integration with these channels depends on the use case. Each external channel will receive the data over a destination. For example, this could be an FTP Server or an API connection. The encryption varies, depending on the destination. You are advised to make yourself aware of the type of encryption of these destinations before using them.

Encryption types of the most popular Productsup destinations

Here is a brief list of some of the most popular Productsup destinations and appropriate encryption methods and security information: